Malware Hunters
alvarnell last won the day on March 8

alvarnell had the most liked content!

Community Reputation

37 Excellent


About alvarnell

  • Rank
    Macintosh Guru

Profile Information

  • Location
    Mountain View, CA, USA
  • Interests
    Honorary Member, Macintosh computing, Mac malware analysis and prevention. USA(Ret) 1963-91.

  1. Yes they do, but with automatic updates they will move from Updates to Updated Recently for thirty days, so you may not notice them before they have installed. I'm a bit more of a control freak, so I do all updates I can manually. I think only the Google apps are still able to work around that most of the time.
  2. It's my understanding from the Howard Oakley blog analysis, that all apps are verified every time they are launched in Big Sur, regardless of their origin. If hash values of all executables match what's been stored locally in the TCC database, then verification goes relatively fast. If not that means there have been changes (normally from updates) and Apple's on-line database must be checked to see if they match any hash that executable ever had that was not revoked. So you can't be certain that the App wasn't updated before you launch it, which should explain why some are faster than
  3. I never mentioned 365 and completely understood that they were from the MAS. My comments apply equally to all versions of Microsoft Office in Big Sur. Do you have Automatic Updates from the App Store enabled, or do you do them manually? I realize that changes by malware have been all but non-existent over many years now, but macOS is just trying to ensure that if such were possible, verification would catch it.
  4. I can just report that other Big Sur users who are not Malwarebytes users observed the same thing with Microsoft and Adobe products. One of the changes that Big Sur brought is that applications are checked by the trustd process for validity (Signature, Notarization, and perhaps other things) when launched, not just on first launch. Perhaps not as thoroughly as first launch checks, but each executable component of those application bundles must be checked. The TCC database on your computer contains information about the last checks of each component, but if it has been updated or a component ha
  5. Just a note that it is the hidden .keys directory that makes its contents suspicious, not anything about the files themselves.
  6. Sorry, I'm not clear on a couple of things.
     - Exactly what additional information do you see from the Malwarebytes staff? The alert appears to me to tell a complete story. I would only add that it's never a good idea to click on or enter a URL shown in an email that is not from a known, trusted source.
     - Since this is your first posting to the forum, how did you request assistance in removing SearchMine? If it was by a support ticket, be advised that there is a significant backlog there which can take a week or more to get a response, due to a number of factors, including Pandemic is
  7. Down to 8 at this time.
  8. Deep scanning rarely reveals any threats on Macs these days and simply results in a lot of wasted CPU time and occasional false positives that can cripple third party applications. If you must have such an AV scanner, there are plenty of others available.
  9. Just a rarely used UNIX holdover. Can be used when there is an advantage to running a process that requires unique permissions not associated with any user or root. I've only observed one application that uses it for three of its background processes.
  10. Everything appears to be normal for a single user with no guest and the current version of Malwarebytes installed, but nobody is not related to a guest user. The "nobody" account serves as a way to restrict permissions and access to/from things that don't really belong to any "real" account. You'll find it (or an equivalent) on any unix/linux system.
  11. OK, that's exactly why Malwarebytes (and a few other scanners) treat them as such. There are others who consider them essential to their computing experience (I'm not one of those). The PUP designation is for those in between that haven't made up their minds. Not sure what your aversion to Java is. Most websites wouldn't exist without it. Last time I checked there had never been a Mac instance of java for app use ever being exploited. It was the browser plug-in that often got users in trouble. But you are right that there are very few user apps that require it any more. I still have
  12. > Reductive definition for this software as for others

     Not sure what you meant by this (or what you wrote before editing) but I was referring to this.
  13. Actually, I'm certain that it would be effortless. I simply purchased a Raspberry Pi kit from Amazon. There's a Mac app that will automatically download the OS to a microUSB, plugged in the microUSB, a monitor and keyboard and when it booted it ran through each configuration item choosing from a list of possibilities that were quite obvious or could be left at default value. There's a one-line terminal command that downloaded Pi-Hole and installs all components and default blacklists. Optionally, you can add additional blacklists using scripts that can be easily found on-line. To up
  14. I can't really judge how dangerous your representative sites are, mostly because I don't have time to translate them to figure out exactly what it is that are being offered for download. MacKeeper is just a PUP, so not malicious, but I suppose could be dangerous in the hands of an inexperienced user. Did your submission result in their being blacklisted by Malwarebytes? I would have to guess that the protections built into most all browsers, including Safari, to prevent access to known dangerous and malicious web sites is protecting you to greater extent than is your ad-blocker which only